Google Cloud Console显示客户端未经授权使用此方法检索访问令牌在Python中。

huangapple go评论67阅读模式
英文:

Google Cloud Console shows Client is unauthorized to retrieve access tokens using this method in python

问题

I saw so many questions related to this GCP issue, none of it helped. I have created a service account and added it to "Manage Domain-wide delegation" with scopes. But I still get this error Client is unauthorized to retrieve access tokens using this method or client not authorized for any of the scopes requested.

以下是代码部分:

from google.oauth2 import service_account

SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.domain.readonly",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.insert",
    "https://www.googleapis.com/auth/gmail.settings.sharing",
]

SERVICE_ACCOUNT_FILE = '/PATH/TO/FILE/credentials.json'
credentials = service_account.Credentials.from_service_account_file(
        SERVICE_ACCOUNT_FILE, scopes=SCOPES, )
delegated_credentials = credentials.with_subject('email')
service = build('admin', 'directory_v1', credentials=delegated_credentials)

def main():
    print("Getting the first 10 users in the domain")
    results = (
        service.users()
        .list(customer="customer_id", maxResults=10, orderBy="email")
        .execute()
    )
    users = results.get("users", [])
    print(users)

希望这可以帮助你解决问题。

英文:

I saw so many question relating to this GCP issue, none of it helped. I have created service account and added to "Manage Domain-wide delegation" with scopes. But I still get this error Client is unauthorized to retrieve access tokens using this method or client not authorized for any of the scopes requested.

code is below:

from google.oauth2 import service_account


SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.domain.readonly",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.insert",
    "https://www.googleapis.com/auth/gmail.settings.sharing",

]

SERVICE_ACCOUNT_FILE = '/PATH/TO/FILE/credentials.json'
credentials = service_account.Credentials.from_service_account_file(
        SERVICE_ACCOUNT_FILE, scopes=SCOPES, )
delegated_credentials = credentials.with_subject('email')
service = build('admin', 'directory_v1', credentials=delegated_credentials)

def main():
    print("Getting the first 10 users in the domain")
    results = (
        service.users()
        .list(customer="customer_id", maxResults=10, orderBy="email")
        .execute()
    )
    users = results.get("users", [])
    print(users)


答案1

得分: 1

Delegation means impersonating another identity. What permissions does the identity in this line of code have credentials.with_subject('email')? The identity needs super administrator access to the relevant Google Workspace account.

Additionally, the user must have logged in at least once and accepted the Google Workspace Terms of Service.

英文:

Delegation means impersonating another identity. What permissions does the identity in this line of code have credentials.with_subject('email')? The identity needs super administrator access to the relevant Google Workspace account.

Additionally, the user must have logged in at least once and accepted the Google Workspace Terms of Service.

huangapple
  • 本文由 发表于 2023年3月21日 01:38:38
  • 转载请务必保留本文链接:https://go.coder-hub.com/75793541-2.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定